Main Content

Accessing medical records: the do’s and don’ts

Accessing medical records: the do’s and don’ts

Privacy and confidentiality can lead to thorny issues

They say curiosity killed the cat. It can also kill your career. Accessing medical records when you are not authorised to do so is not only inappropriate; it is illegal.

Lorraine Walker is a nurse educator with broad experience in nursing practice and management. She runs regular courses at Monash University that focus on law and ethics for nurses and midwives.

She has also noticed an increase in recent years of nurses and midwives being reported to AHPRA for accessing medical records, with too many seemingly unaware that there are potentially serious repercussions for such actions – ‘up to, potentially, being terminated by their employer and/or having their registration suspended’.

When you can, when you can’t

There is one key legitimate reason for accessing a person’s medical records. ‘If you are involved in the care of an individual, then accessing their record and inputting information into that record is essential as part of your duty of care. You need to access the record to ensure that you understand what’s happening with the patient, to be able to liaise with the inter-professional team, to be able to provide appropriate care and management of their condition.’

Almost any other reason could land you in trouble. There are special circumstances, such as accessing de-identified records for research, but as a general rule – if in doubt, don’t. The ANMF is aware of a small but not insignificant number of members accessing unauthorised records, including their own records, or their family member’s records. These are not special circumstances.

‘Gone are the days where you might have had a patient in your care and then they’ve gone to another ward, but you’ve checked their records to see how they were doing,’ Lorraine elaborates. ‘The patient is no longer in your care so it’s not appropriate and it’s a breach of the legislation.’

Do not risk it

It’s also easier than ever to get caught, ‘particularly now that most organisations have electronic medical records so your access can be traced.’ In other words, you will be identified when you access records, and your employer will be able to check whether it was appropriate for you to have access to those records or not.

One extreme, publicly documented, example involved an enrolled nurse who inappropriately accessed records over 200 times. Among the records she accessed were her own records as well as records of her colleagues and even her colleagues’ family members. ‘It was totally inappropriate because she wasn’t involved in the care of any of those patients.’

She was also breaching legislation, Lorraine notes. ‘We are bound by the law and the ethical responsibilities around the need for privacy and confidentiality to be maintained,’ she says. This includes various privacy acts – including the Health Records Act (2001) and the Australian Privacy Act 1988 – as well as Nursing and Midwifery Board of Australia’s codes of conduct.

Learn the do’s and don’ts

In December, Lorraine is running a three-hour CPD module for the ANMF (Vic Brach) on the do’s and don’ts of accessing medical records. The course will cover the legislation as well as looking at the potential consequences of breaching; it will also go over some case studies. It will be a refresher course for some, such as managers who need to convey the latest information to their staff; for others, it might be that they’ve simply not had this education yet. Registrations are open now.